We are encountering a blocking issue concerning S3. According to the documentation, the CORS policy requires '"AllowedOrigins": ["*"]', which contradicts our security policy. We need to specify a specific URL to grant Retool access, similar to what is mentioned in the documentation for '"PUT", "POST", "DELETE"'.
Hi @Dirshant_Kumar ,
I think that you'll either need to selfhost Retool then or use a proxy you can control.
1 Like
Hey @Dirshant_Kumar!
You should be able to specify all the allowed HTTP methods together with the more restrictive AllowedOrigins, ie:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"https:// *.retool.com" or "https://[your subdomain].retool.com"
]
}
]
Let me know if that works for you.